The WELL: inkwell.vue.103: Steven Levy - Crypto: How the Code Rebels Beat the Government

#86: Bob 'rab' Bickford (rab) Fri 23 Mar 01 11:48

Fri, 23 Mar 2001 11:48:00 PST

You look for an expected pattern of some sort -- simple letter frequency is the most obvious, but there are lots of others. For example, if you're expecting to find an email message in more-or-less-standard format, then you'll expect to see a group of lines of text that include things like the various From: and To: and Date: fields, followed by a blank line, followed by more text. If you're expecting to find a compressed file created with something like ZIP, then there are specific patterns to look for there as well (including a sort of header). [Read entire topic]

#85: Betsy Schwartz (betsys) Fri 23 Mar 01 09:30

Fri, 23 Mar 2001 09:30:00 PST

This is the basic thing that I'm not getting about crypto: How *do* you tell when you've unencrypted the message, when you're running through millions of possible solutions?

If detection has anything to do with letter frequency, then wouldn't removing spaces, and adding letters so that the distribution appears random, make it difficult to identify when you've found the plaintext? [Read entire topic]

#84: Bob 'rab' Bickford (rab) Thu 22 Mar 01 12:56

Thu, 22 Mar 2001 12:56:00 PST

Yes, that's what the book I referred to above is about. See also my friend Romana Machado's page at http://www.stego.com/ for more -- she introduced me to the subject in 1986, actually. [Read entire topic]

#83: Paul Bissex (biscuit) Thu 22 Mar 01 10:33

Thu, 22 Mar 2001 10:33:00 PST

<woodman> -- it's called Steganography. Check out:

http://steganography.tripod.com/stego.html [Read entire topic]

#82: windblowne (satyr) Thu 22 Mar 01 07:56

Thu, 22 Mar 2001 07:56:00 PST

There are methods for embedding cryptographic messages in, for instance, graphics files, such that they're not obviously there. (Probably the NSA can detect their presence, but you wouldn't know to suspect anything just looking at the rendered image. [Read entire topic]

#81: Bob 'rab' Bickford (rab) Wed 21 Mar 01 15:27

Wed, 21 Mar 2001 15:27:00 PST

See the recent book "Disappearing Cryptography" for lots more on that theme. I'm about halfway through my copy..... [Read entire topic]

#80: Eric Rawlins (woodman) Wed 21 Mar 01 15:18

Wed, 21 Mar 2001 15:18:00 PST

Seems to me the biggest hole still remaining in public crypto is that the encrypted message, though unbreakable, is still recognizably and obviously an encrypted message, allowing the Man to come back to you and say, "Decrypt this thing or I'll throw your ass in jail." I'd love to see a crypto system where the encrypted message looks like plain English or whatever; for instance, you supply it with a plain-English innocuous model and the system embeds into it the true message in the form of "typos" or something. At that point the FBI can take their Carnivore and melt it into scrap. [Read entire topic]

#79: James Howard (howardjp) Sun 4 Mar 01 11:19

Sun, 04 Mar 2001 11:19:00 PST

I was all over Meade a couple weeks ago and missed the museum. Looks like I need to go back. [Read entire topic]

#78: Infradibulated Gratility (ssol) Sun 4 Mar 01 09:20

Sun, 04 Mar 2001 09:20:00 PST

http://www.nsa.gov/museum/map.html for directions. It's in Maryland, just outside of DC, I believe. [Read entire topic]

#77: Steven Levy (steven) Sat 3 Mar 01 15:00

Sat, 03 Mar 2001 15:00:00 PST

Hi, I'm back, and will continue to discuss if there's interest.

I think that the general impression is that there was no "hole" or backdoor in DES. The hole, if you want to call it that, was the up-front limitation of a 56-bit key. I have the strong impression -- one confirmed by "high government officials" -- that the NSA underestimated how widespread DES would be, and later regretted that the 56 bits was the only limitation. Thus for years -- until late 1999, in fact -- you couldn't use DES in shrinkwrapped software for export. By then, of course, the 56 bit hurdle was something that could easily be broken, as the EFF proved with their DES- cracker, which cost a bit more than $200 K to crack one key, and very little thereafter to crack more keys.

As for what the NSA does with old computers, you can see a few, including a costly but no longer state of the art Thinking Machine supercomputer, at the National Cryptologic Museum, a trip I highly recommend. [Read entire topic]